Disaster recovery and backup as a service are health sector necessities

By: Daniel Witteveen

One data center, one recovery center with a single backup strategy — in the good old days, this was all you needed to safeguard healthcare related data. Maybe disaster planning and backup were never quite that easy, but they were far easier than they are now. Many health facility leaders are exploring backup-as-a-service (BaaS) and disaster recovery-as-a-service (DRaaS) solutions to address the growing complexity of today’s health care environment, whether that’s solving issues tied to regulations such as the General Data Protection Regulation or responding to the explosion of data directly related to digital transformation.

The task: Organize the complicated

Today’s enterprise supports a complex IT environment. On-premises data centers exist alongside public and private clouds, software-as-a-service (SaaS) providers, hardware vendors, software makers, internal apps, third-party apps, remote offices and legacy systems.

These complicated hybrid IT environments arose in health care enterprises for many reasons, with digital transformation leading the way, causing the sheer volume of data produced and the exponential flood of data expected in the future. Hybrid IT arose as hospitals and health facilities needed to parse data to deliver better customer experiences and patient/customer outcomes. This new IT environment offers more flexibility and agility but also makes it difficult to integrate, monitor, manage, secure, protect and maintain regulatory and budget control. Managing this complexity often becomes more than an organization can contend with using internal staff. BaaS and DRaaS allow healthcare facilities to focus their time and resources on their core health care function rather than data management.

The power of business resiliency services

Experienced BaaS and DRaaS providers possess broad knowledge of the regulations and best practices needed to manage health data protection and recovery, often much more than internal hospital IT staff could maintain on their own because the providers have a global multicustomer view on best practices and are more motivated to optimize the environment. These providers know what is required to back up and recover critical information, and they own and maintain the infrastructure themselves providing business outcomes-based solutions to the customer. Because these providers own the infrastructure, what was once a costly capital expense for the health facility becomes an operating expense. Additionally, these providers define the architectural solution and billing metrics, so hospitals can accurately distribute costs among their internal service lines.

Perhaps more importantly, these providers defend against the ever-changing cyberthreats that health facilities face. These threats (e.g. cyberattacks) have financial, reputational and regulatory costs. Business resiliency service providers constantly evaluate client business processes to discover optimal recovery time and point objectives with solutions directly focused on cyber-related incidents. The business service that was critical 18 months ago may no longer be that urgent. This ongoing evaluation gives health facility administrators the peace of mind that these cyber threats, while inconvenient, won’t prove fatal.

What does well-executed DRaaS look like?

As most health organizations survey their own IT environments, they realize there’s no single point solution that can single-handedly solve DRaaS for their entire enterprise. The better solution is to find a managed service provider that is knowledgeable about all the solutions in the market and knows which ones are best to meet the client’s business objectives. At IBM, our focus isn’t on point solutions — instead, we focus on the business outcome for our clients.

We work with clients to review their business processes, their desired business outcomes, what service-level agreements (SLAs) they need to meet for their clients and how their billing methodology can align with those SLAs. The client’s burden becomes our burden. We’re the ones charged with figuring out the technologies and overall architecture that make all these obligations possible. The client no longer has to worry about incorporating a ton of different point solutions into a single strategy. They can focus on the outcomes that they need to protect against threats and reduce risk, and then let us manage details to assure that outcome is met.

This week at HIMSS, I’ll be discussing how to protect critical data with the right data protection and recovery strategy. I hope to see you there. In the meantime, learn more about IBM Business Resiliency Services.

Related topic: Disaster Recovery Plan

Topics: , , , ,

About The Author

Daniel Witteveen

Vice President, IBM Resiliency Services

Daniel Witteveen is Vice President, IBM Resiliency Services. He leads the Global Strategy and Portfolio team and is passionate about addressing clients' business resiliency needs across the physical and virtual layers of the enterprise, including data, applications, IT infrastructure, facilities, organization skills and business processes, aligned to the organization's strategy and vision. IBM Resiliency Services... Read more